How to Set Up Email Server with Plesk on Ubuntu 20.04

What is Plesk

Plesk is a hosting control panel that you can install on your server to simplify server management. With Plesk, you can create an email server and website from the web-based control panel, without having to learn Linux command lines.

Plesk features:

• Intuitive Control Panel
• Supports both Windows and Linux servers, including Debian, Ubuntu, CentOS, Red Hat Linux, and CloudLinux.
• Hundreds of extensions to enhance the functionalities. WordPress toolkit, SEO toolkit, eCommerce toolkit, etc.
• Create unlimited mailboxes and unlimited mail domains in a web-based admin panel.
• Roundcube webmail and SpamAssassin active out of the box.
• Supports DKIM, SPF, SRS, DMARC for validation of mail messages identity.
• Supports email forwarding, email aliases and auto-reply.
• Free TLS certificate (Let’s Encrypt integrations).
• Automatic DNS records management
• Web-based file manager.
• Schedule incremental backups. Easily restore site/database changes with minimum free space using remote storage like S3, GDrive, OneDrive & more.
• Mobile apps available to manage your Plesk server on the go.
• Self-repair tools allow you to easily repair your Plesk installation.
• Security: Web application firewall (ModSecurity) & Brute Force Protection (fail2ban) active out the box. PCI DSS compliance.
• Update system packages from the web interface.
• And many more.

Plesk is not only a mail server management platform but also a full-featured web hosting control panel (CPanel alternative), so you can easily run a mail server and website on the same host.

Step 1: Choose the Right Hosting Provider and Buy a Domain Name

Plesk must be installed on a clean fresh server.

This tutorial is done on a $9/month Kamatera VPS (virtual private server) with 1 CPU and 3GB RAM. They offer a 30-day free trial.

Kamatera is a very good option to run a mail server because

• They don’t block port 25, so you can send unlimited emails (transactional email and newsletters) without spending money on SMTP relay service. Kamatera doesn’t have any SMTP limits. You can send a million emails per day.
• The IP address isn’t on any email blacklist. (At least this is true in my case. I chose the Dallas data center.) You definitely don’t want to be listed on the dreaded Microsoft Outlook IP blacklist or the spamrats blacklist. Some blacklists block an entire IP range and you have no way to delist your IP address from this kind of blacklist.
• You can edit PTR record to improve email deliverability.
• They allow you to send newsletters to your email subscribers with no hourly limits or daily limits, whatsoever.
• You can order multiple IP addresses for a single server. This is very useful for folks who need to send a large volume of emails. You can spread email traffic on multiple IP addresses to achieve better email deliverability.

Other VPS providers like DigitalOcean blocks port 25. DigitalOcean would not unblock port 25, so you will need to set up SMTP relay to bypass blocking, which can cost you additional money. If you use Vultr VPS, then port 25 is blocked by default. They can unblock it if you open a support ticket, but they may block it again at any time if they decide your email sending activity is not allowed. Vultr actually may re-block it if you use their servers to send newsletters.

Go to Kamatera website to create an account, then create your server in your account dashboard.

I recommend following the tutorial linked below to properly set up your Linux VPS server on Kamatera.

• How to Create a Linux VPS Server on Kamatera

Once you created a server, Kamatera will send you an email with the server SSH login details. To log into your server, you use an SSH client. If you are using Linux or macOS on your computer, then simply open up a terminal window and run the following command to log into your server. Replace 12.34.56.78 with your server’s IP address.

ssh [email protected]

You will be asked to enter the password.

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

Step 2: Get Plesk Free Trial License

Plesk is not free. You can check the Plesk pricing here.

• If you use Plesk to run your own website, choose Web Admin or Web Pro Edition.
• If you use Plesk to provide hosting services for other website owners, choose the Web Host Edition.

However, you can obtain a full-featured 14-day free trial license to give it a test drive. The license number will be sent to your email address.

Step 3: Creating DNS MX Record

The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then queries the A record of mail.linuxbabe.com to get the IP address, thus the email can be delivered.

You need to go to your DNS hosting service (usually your domain registrar) to create DNS records. In your DNS manager, create a MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter mail.your-domain.com in the Value field.

Note: The hostname for MX record can not be an alias to another name. Also, It’s highly recommended that you use hostnames, rather than bare IP addresses for MX record.

Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. It’s recommended that you set the value to 0, so this mail server will have the highest priority for receiving emails. After creating MX record, you also need to create an A record for mail.your-domain.com , so that it can be resolved to an IP address. If your server uses IPv6 address, be sure to add AAAA record.

Hint: If you use Cloudflare DNS service, you should not enable the CDN feature when creating A record for mail.your-domain.com. Cloudflare does not support SMTP proxy.

Step 4: Configuring Hostname

The initial Plesk setup requires you to use the Linux command line. Don’t worry. This process is very simple.

Log into your server via SSH, then run the following command to update existing software packages.

sudo apt update

sudo apt upgrade -y

I strongly recommend creating a sudo user for managing your server rather than using the default root user. Run the following command to create a user. Replace username with your preferred username.

adduser username

Then add the user to the sudo group.

adduser username sudo

Switch to the new user.

su - username

Next, set a fully qualified domain name (FQDN) for your server with the following command.

sudo hostnamectl set-hostname mail.your-domain.com

We also need to update /etc/hosts file with a command-line text editor like Nano.

sudo nano /etc/hosts

Edit it like below. (Use arrow keys to move the cursor in the file.)

127.0.0.1       mail.your-domain.com localhost

Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To close the file, press Ctrl+X.)

To see the changes, re-login and then run the following command to see your hostname.

hostname -f

Step 5: Install Plesk on Ubuntu 20.04

Download Plesk installer with the following command.

wget https://autoinstall.plesk.com/plesk-installer

Add executable permission.

chmod +x plesk-installer

Run the Plesk installer.

sudo ./plesk-installer

The install wizard will appear. Select F to go forward.

Next, choose if you want to send information to Plesk.

Then, choose the installation type.

• Recommended
• Full
• Custom

You can choose the recommended installation type. If you want to install all available components, you can always do it later in the Plesk control panel.

Next, press Enter to continue.

And wait for the installation to finish. Once it’s finished, you will be given a URL. Copy this URL and paste it into your web browser address bar.

You will need to create an admin account for the Plesk web interface, and also enter your free trial license here.

You can paste the free trial activation code in the box, or select Proceed with a full-featured trial license.

After that, choose explore plesk.

Before creating email address for your domain name, you need to add your domain in Plesk.

Enter your domain name.

Step 6: Use Plesk DNS Server

By default, you use your domain registrar’s DNS server to edit DNS records. Plesk’s built-in DNS server can automatically manage DNS records for your domain. Some DNS records such as SPF and DKIM records are error-prone. If you don’t want to create these DNS records manually, you can choose to use Plesk’s built-in DNS server.  All you have to do is to go to your domain registrar’s website and change the NS record for your domain.

For example, if you bought a domain name at NameCheap, then log into your NameCheap account. Select the Domain list menu on the left sidebar, then click the Manage button on the far right.

Select Advanced DNS.

Scroll to the bottom of the page, you will find the personal DNS server section. Click the Add NameServer button to add your own name servers: ns1.example.com and ns2.example.com. You need to enter the IP addresses of your name servers. The IP address for ns1 and ns2 should be the same, because you have only one Plesk server.

After adding your two name servers, click the search button to check if they are added successfully. If so, the glue records will appear at the bottom of this page.

Now click the Domain tab, and use your custom DNS server.

Depending on the domain registrar you use, your NS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://dnsmap.io to check if your new NS record is active.

After the NS record and glue record have been propagated to the Internet, your Plesk DNS servers would be responding to DNS queries for your domain name.

Step 7: Manage Plesk Mail Server

Mail service is activated automatically when you add a domain name in Plesk. There are several things you need to do to make it work as well as it can.

Install a Valid Let’s Encrypt TLS Certificate

By default, the mail server uses a self-signed TLS certificate, both desktop mail client users and webmail client users will see a security warning. To fix this, we can obtain and install a free Let’s Encrypt TLS certificate.

Go to Plesk Website & Domains -> Dashboard -> SSL/TLS Certificates.

Select free Let’s Encrypt certificate.

Next, choose Secure the wildcard domain and Assign the certificate to the mail domain.  Then click Get it free button.  (A wildcard TLS certificate can be used to secure any of your sub-domains.)

Wait for it to finish. In order to get a wildcard certificate, you need to add a TXT record to prove that you really are the owner of your domain name. If you use the built-in DNS server in Plesk as described in step 6, then this is automatically done for you. If you use your domain registrar’s DNS server, then you need to add this TXT record manually.

A few moments later, click the Reload button. The wildcard certificate should be obtained and installed on your server.

 

Enable DKIM Signing

DKIM (DomainKeys Identified Mail) uses a private key to add a signature to emails sent from your domain. Receiving SMTP servers verify the signature by using the corresponding public key, which is published in your domain’s DNS zone. This helps prevent email spoofing.

Go to Plesk Website & Domains ->Mail -> Mail Settings.

Tick on the DKIM checkbox and apply the changes. If you use the built-in DNS server in Plesk, then it will automatically add the DKIM record for your domain name.

Create Email Addresses

Select the Mail tab on the main Plesk dashboard and create email addresses for your domain name.

Enable SpamAssassin

SpamAssassin is a program that can help you detect spam coming to your server. To enable SpamAssassin, go to Tools & Settings -> Plesk -> Updates.

Then select Add/Remove Components.

Expand the Mail hosting section, and install SpamAssassin.

Click the Continue button and it shall be installed in a few moments.

Create PTR record

A pointer record, or PTR record, maps an IP address to an FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.

To check the PTR record for an IP address, run this command over SSH.

dig -x IP-address +short

or

host IP-address

PTR record isn’t managed by your domain registrar or Plesk. It’s managed by the organization that gives you an IP address. Because you get IP address from your hosting provider or ISP, not from your domain registrar, so you must set PTR record for your IP in the control panel of your hosting provider, or ask your ISP. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, be sure to add a PTR record for your IPv6 address as well.

To edit the reverse DNS record for your Kamatera VPS, log into the Kamatera client area, then open a support ticket and tell them to add PTR record for your server IP addresss to point the IP address to mail.your-domain.com. It’s not convenient, you might think, but this is to keep spammers away from the platform, so legitimate email senders like us will have a great IP reputation.

Step 8: Login From Mail Clients

Fire up your desktop email client such as Mozilla Thunderbird or Microsoft Outlook and add a mail account.

• In the incoming server section, select IMAP protocol, enter mail.your-domain.com as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
• In the outgoing section, select SMTP protocol, enter mail.your-domain.com as the server name, choose port 465 and SSL/TLS. Choose normal password as the authentication method.

The webmail client is available at https://webmail.your-domain.com.

Now you can send test emails to your other email addresses like Gmail, Yahoo Mail, etc.

Step 9: Checking If Port 25 (outbound) is blocked

Your ISP or hosting provider won’t block incoming connections to port 25 of your server, which means you can receive emails from other mail servers. However, many ISP/hosting providers block outgoing connections to port 25 of other mail servers, which means you can’t send emails.

Hint: If you use Kamatera VPS, then the outbound port 25 is open by default.

If your email didn’t arrive at your other email address such as Gmail, then check the mail log in the Plesk admin panel. Go to Tools & Settings -> Assistance and Troubleshooting -> Mail Log Browser.

Then select Postfix/SMTP as the source. If outbound port 25 is not blocked, you would see the message status = sent, which indicated the email was successfully sent to the recipient.

If port 25 (outbound) is blocked, you would see the connection timed out error message.

In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking.

Still Can’t Send Email?

If port 25 (outbound) is not blocked, but you still can’t send emails from your own mail server to your other email address like Gmail, then check the mail log. Some folks might see the following message in the log

host gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b] said: 550-5.7.1 [2a0d:7c40:3000:b8b::2] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information

This means your mail server is using IPv6 to send the email, but you didn’t set up IPv6 records. You should go to your DNS manager, set AAAA record for mail.your-domain.com, then you should set PTR record for your IPv6 address, which is discussed in step 7.

Step 10: Testing Email Score and Placement

After creating PTR, SPF, DKIM record, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score. In the test result, you should check if your PTR record, SPF and DKIM record is valid.

Mail-tester.com can only show you a sender score. There’s another service called GlockApps that allows you to check if your email is landed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc.

What if Your Emails Are Still Being Marked as Spam?

I have more tips for you in this article: How to stop your emails being marked as spam. Although it will take some time and effort, your emails will eventually be placed in inbox after applying these tips.

What if Your Email is Rejected by Microsoft Mailbox?

Microsoft seems to be using an internal blacklist that blocks many legitimate IP addresses. If your emails are rejected by Outlook or Hotmail, you need to submit the sender information form. After that, your email will be accepted by Outlook/Hotmail.

How to Upgrade Plesk

When a new release of Plesk comes out, you can upgrade to it from the Plesk web-based admin panel. Go to Tools & Settings -> Plesk -> Updates.

Then click Install or Upgrade Product. If this item is greyed out, it means you are using the latest Plesk release.

Note: When there’s both a new release of Plesk and the server OS, it’s recommended to upgrade Plesk before upgrading the OS. Also, check the Plesk official website to make sure Plesk supports the new OS release before doing the upgrade.

Wrapping Up

That’s it! I hope this tutorial helped you set up an email server with Plesk on Ubuntu 20.04 As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂